In last week’s article, I described a wave of viruses appearing last November that targeted removable storage devices, such as flash drives (“Look out for thumb infections,” 2-8-09). Viruses travelling on flash drives were infecting computers around the world, reaching into numerous critical networks, such as those run by the U.S. Army.
The official fix, recommended to consumers, government agencies and businesses alike, was to disable a Windows “feature” called Autorun. Unfortunately, the fix, based on recommendations provided by Microsoft and passed on by people like me, doesn’t really work.
To disable Autorun, Microsoft suggested editing the Windows Registry, a task that most people are not prepared to take on. A program called TweakUI (TweakVI for Vista) automated these editing chores, making the fix something that normal computer users could achieve. Unfortunately, Microsoft’s suggested Registry tweaks, and programs such as TweakUI that run those tweaks, don’t get the job done.
The U.S. Computer Emergency Readiness Team (US-CERT), a division of Homeland Security, alerted by its own security researchers, as well as those from security companies around the world, reacted by issuing Technical Cyber Security Alert TA09-020A. The alert states, “Microsoft’s guidelines for disabling Autorun are not fully effective, which could be considered a vulnerability.”
Contributing to the discovery that Microsoft’s instructions were flawed was a new worm/virus called Conficker. Conficker, also known as Downadup, continues the trend of targeting removable storage devices such as flash drives, and has infected upwards of 10 million computers over the past few weeks.
In order to implement the actual fix for the Autorun problem, you must be able to (1) Copy text, (2) Paste text, (3) Run Notepad, (4) Save a file with an unusual file extension, and (5) Find a file that you have saved. If you can perform those tasks, then you will have no problem performing the real Autorun fix. Simply go to www.us-cert.gov/cas/techalerts/TA09-020A.html and follow the instructions found under Solution Number 3.
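For readers who administer machines, the read-only PowerShell check below reports whether the Autorun-related Registry settings are present; it is an added example, not code from US-CERT, Microsoft or this column. The key names and values are assumptions drawn from general Windows knowledge (the `Autorun.inf` entry under `IniFileMapping` and the `NoDriveTypeAutoRun` policy value), and the function names are hypothetical, so confirm the settings against the alert itself.

```powershell
# Read-only audit: reports Autorun-related Registry state and changes nothing.
# Assumption: the key names and expected values below are general Windows
# knowledge, not taken from this article; verify them against the alert.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the named value does not exist.
    try {
        $item = Get-ItemProperty -LiteralPath $Path -ErrorAction Stop
        return $item.$Name
    } catch {
        return $null
    }
}

function Test-AutorunHardening {
    $results = @()

    # 1. IniFileMapping override: with the default value set to
    #    '@SYS:DoesNotExist', Windows stops reading Autorun.inf from drives.
    $iniKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
    $iniVal = Get-RegValue -Path $iniKey -Name '(default)'
    $results += [pscustomobject]@{
        Check  = 'Autorun.inf IniFileMapping override (HKLM)'
        Value  = $iniVal
        Passed = ($iniVal -eq '@SYS:DoesNotExist')
    }

    # 2. Older policy tweak: NoDriveTypeAutoRun = 0xFF covers every drive type.
    #    The article reports this tweak alone is not fully effective, so it is
    #    shown for information next to the override above.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $polKey = "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
        $polVal = Get-RegValue -Path $polKey -Name 'NoDriveTypeAutoRun'
        $results += [pscustomobject]@{
            Check  = "NoDriveTypeAutoRun covers all drive types ($hive)"
            Value  = if ($null -ne $polVal) { '0x{0:X2}' -f $polVal } else { $null }
            Passed = ($null -ne $polVal -and ($polVal -band 0xFF) -eq 0xFF)
        }
    }
    return $results
}

Test-AutorunHardening | Format-Table -AutoSize
```

A `False` in the first row means the machine still processes `Autorun.inf` files, whatever the policy rows say.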
On a related note, Microsoft released some “critical” updates this week as part of its monthly Patch Tuesday cycle. By applying the updates, a total of eight vulnerabilities are said to be fixed in programs such as Internet Explorer and Exchange Server. Internet Explorer is still used by way too many people, and Exchange Server is widely used by those who connect to the University of Oklahoma network. Be sure to update your computers as soon as possible with these updates, and let’s hope that they work as advertised.